MAC Privacy

15 Nov 2014

This week at IETF91 we carried out an experiment to randomize Wi-Fi MAC addresses of users to improve privacy.

MAC addresses used in over-the-air communications by protocols such as the IEEE 802.11 WLAN have been identified as privacy risks that expose individuals to unauthorized tracking. As part of the joint collaboration between IAB/IESG and IEEE 802, and the work carried out by theÂ IEEE 802 EC Privacy SG, an experiment was suggested to assess implications of MAC address changes on Layer 2 and Layer 3 protocols.

A parallel network was setup for this experiment. An ietf-RandPrivMAC SSID was broadcast during the meeting and users were asked to run some scripts in their laptops to randomize their MAC address when connecting to this network. The network was isolated from the rest of the IETF meeting by means of using a different VLAN with separate DHCP and switching infrastructure. Statistics were captured and a detailed analysis will be performed over the next few days. Nevertheless, preliminary observations show that several client drivers support this technique, no major changes are required on the network configuration, and the probability of address duplication in a network like this is negligible. This is the first time we try this technique outside the lab, and now that we know more what to expect we can fine tune the setup in the future to have a better understanding of the different practical implications.

IETF is the best place to carry out an experiment like this, as users are not only willing to participate, but also provide active support and very smart observations. We received a number of suggestions about how to make the experiment more interesting, from adding support for more client devices to providing guidelines about improving DHCP allocations and usage of MAC addresses in IEEE protocols. The IETF NOC team was instrumental and extremely helpful before and during the experiment. Overall, this has been an excellent learning experience and we believe it is a first step in the right direction to provide better privacy for users of this widespread technology.